- For Choose an endpoint, select Publicly accessible, and for Custom hostname choose None.
- Under Configure additional details:
  - For CloudWatch logging role, use AWSTransferLoggingAccess, a role with the AWSTransferLoggingAccessV3 policy attached and a trust relationship for transfer.amazonaws.com.
  - Cryptographic algorithm options
- In Review and create, choose Create server.
- Create the IAM policy TransferUserS3ScopeDownPolicy for the managed user. It uses the transfer:HomeFolder, transfer:HomeBucket and transfer:HomeDirectory policy parameters, which are populated from the HomeDirectory configured for the user: for a HomeDirectory of /bucket/folder, transfer:HomeBucket is bucket, transfer:HomeFolder is folder and transfer:HomeDirectory is bucket/folder. Because the condition matches the prefix "folder/*" and "folder" exactly, a sibling folder whose name merely starts with the same string (folder2) is not matched.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListingOfUserFolder",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws-cn:s3:::${transfer:HomeBucket}"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "${transfer:HomeFolder}/*",
                        "${transfer:HomeFolder}"
                    ]
                }
            }
        },
        {
            "Sid": "HomeDirObjectAccess",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObjectVersion",
                "s3:GetObjectACL",
                "s3:PutObjectACL"
            ],
            "Resource": [
                "arn:aws-cn:s3:::${transfer:HomeDirectory}",
                "arn:aws-cn:s3:::${transfer:HomeDirectory}/*"
            ]
        }
    ]
}
- Create the IAM role TransferUserS3ScopeDownRole with the TransferUserS3ScopeDownPolicy policy attached and a trust relationship for transfer.amazonaws.com.
- For Policy (the session policy), choose None.
- For Home directory, enter the bucket and folder the user is confined to; the sftp session further down lands in /ray-database-migration/test_user.
- (Optional) For Restricted, select the check box so that users can't access anything outside of that folder and can't see the Amazon S3 bucket or folder name. Without Restricted the user sees the real bucket and folder path, as the sftp session further down shows, and the role policy is the only thing keeping the user inside that folder, so confirm after setup that listing or reading outside the home folder is refused.
- Generate an SSH key pair (-P "" leaves the private key without a passphrase, so protect transfer_key_test_user accordingly):
ssh-keygen -P "" -m PEM -f transfer_key_test_user
- Open transfer_key_test_user.pub and copy its contents.
- For SSH public key, paste the public key portion of the key pair.
- Choose Add to add the new user to the server.
Connect with the OpenSSH command-line client:
sftp -i ~/.ssh/transfer_key_test_user test_user@s-9e601bad60074ddaa.server.transfer.cn-north-1.amazonaws.com.cn
Connected to test_user@s-9e601bad60074ddaa.server.transfer.cn-north-1.amazonaws.com.cn.
sftp> pwd
Remote working directory: /ray-database-migration/test_user
sftp> cd /ray-database-migration/test_user
sftp> put airport-codes.csv
Uploading airport-codes.csv to /ray-database-migration/test_user/airport-codes.csv
sftp> bye
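The sftp session above only exercises operations inside the user's own folder. The following is an added example, not code from the original page or from AWS: it renders the TransferUserS3ScopeDownPolicy shown above for the HomeDirectory /ray-database-migration/test_user (the path the session lands in) and probes the result with in-scope and out-of-scope S3 requests using a small, simplified policy matcher. The derivation of the transfer:* variables from HomeDirectory follows the description given with the policy; the evaluator understands only the Allow/Deny, Action, Resource and StringLike constructs this policy uses and is a local sanity check, not the IAM evaluation engine. The probe descriptions and the sibling-folder and other-user keys are constructed for the example.

```python
import json
import re

# The scope-down policy from the page, as a Python dict (aws-cn partition, as on the page).
SCOPE_DOWN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListingOfUserFolder",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": ["arn:aws-cn:s3:::${transfer:HomeBucket}"],
            "Condition": {"StringLike": {"s3:prefix": ["${transfer:HomeFolder}/*", "${transfer:HomeFolder}"]}},
        },
        {
            "Sid": "HomeDirObjectAccess",
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:DeleteObjectVersion",
                       "s3:GetObjectVersion", "s3:GetObjectACL", "s3:PutObjectACL"],
            "Resource": ["arn:aws-cn:s3:::${transfer:HomeDirectory}", "arn:aws-cn:s3:::${transfer:HomeDirectory}/*"],
        },
    ],
}


def transfer_variables(home_directory):
    """Derive the transfer:* policy variables from a user's HomeDirectory ("/bucket/folder").
    HomeBucket is the first path component, HomeFolder the remainder, and HomeDirectory the
    whole path without its leading slash (the form the policy's S3 ARNs expect)."""
    bucket, _, folder = home_directory.strip("/").partition("/")
    if not bucket or not folder:
        # A bucket-root home would render "${transfer:HomeFolder}/*" as "/*"; this example
        # refuses such a HomeDirectory instead of producing a policy that grants nothing useful.
        raise ValueError("HomeDirectory must be /bucket/folder, got %r" % home_directory)
    return {"transfer:HomeBucket": bucket, "transfer:HomeFolder": folder,
            "transfer:HomeDirectory": bucket + "/" + folder}


def render_policy(policy, variables):
    """Substitute every ${transfer:...} placeholder in the policy document."""
    text = json.dumps(policy)
    for name, value in variables.items():
        text = text.replace("${" + name + "}", value)
    return json.loads(text)


def string_like(pattern, value):
    """IAM StringLike semantics: case-sensitive, '*' matches any run, '?' one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def _as_list(x):
    return x if isinstance(x, list) else [x]


def is_allowed(policy, action, resource, context=None):
    """Minimal evaluator (not the IAM engine): explicit Deny wins, any matching Allow grants,
    default deny. Only StringLike conditions are understood, which is all the policy above
    uses; a condition key absent from the request context makes the condition fail."""
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if not any(string_like(a, action) for a in _as_list(stmt["Action"])):
            continue
        if not any(string_like(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        conds = stmt.get("Condition", {}).get("StringLike", {})
        if not all(key in context and any(string_like(p, context[key]) for p in _as_list(pats))
                   for key, pats in conds.items()):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def check_user(home_directory):
    """Render the policy for one user and probe it with in-scope and out-of-scope requests.
    Returns {description: allowed} so the result can be reviewed before the role is attached."""
    v = transfer_variables(home_directory)
    pol = render_policy(SCOPE_DOWN_POLICY, v)
    bucket_arn = "arn:aws-cn:s3:::" + v["transfer:HomeBucket"]
    folder = v["transfer:HomeFolder"]
    return {
        "list own folder": is_allowed(pol, "s3:ListBucket", bucket_arn, {"s3:prefix": folder + "/"}),
        "list bucket root": is_allowed(pol, "s3:ListBucket", bucket_arn, {"s3:prefix": ""}),
        "list bucket with no prefix": is_allowed(pol, "s3:ListBucket", bucket_arn),
        "list sibling folder sharing a name prefix": is_allowed(pol, "s3:ListBucket", bucket_arn, {"s3:prefix": folder + "2/"}),
        "get own object": is_allowed(pol, "s3:GetObject", bucket_arn + "/" + folder + "/airport-codes.csv"),
        "get another user's object": is_allowed(pol, "s3:GetObject", bucket_arn + "/other_user/airport-codes.csv"),
        "put into sibling folder sharing a name prefix": is_allowed(pol, "s3:PutObject", bucket_arn + "/" + folder + "2/x.csv"),
        "delete bucket": is_allowed(pol, "s3:DeleteBucket", bucket_arn),
    }


if __name__ == "__main__":
    for name, ok in check_user("/ray-database-migration/test_user").items():
        print("%-45s %s" % (name, "ALLOW" if ok else "deny"))
```

Only the first and fifth probes should be allowed; every request that leaves the home folder, including a list of the bucket root, a list with no prefix at all, and a sibling folder that merely starts with the same name, is denied. A HomeDirectory with a nested folder such as /bucket/home/amy works the same way, with HomeFolder becoming home/amy.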